Secure non-volatile memory device and method of protecting data therein

ABSTRACT

The invention relates to a non-volatile memory device comprising: an input for providing external data (D) to be stored on the non-volatile memory device; a first non-volatile memory block ( 100 ) and a second non-volatile memory block ( 200 ), the first non-volatile memory block ( 100 ) and the second non-volatile memory block ( 200 ) being provided on a single die ( 10 ), wherein the first non-volatile memory block ( 100 ) and second non-volatile memory block ( 200 ) are of a different type such that the first non-volatile memory block ( 100 ) and the second non-volatile memory block ( 200 ) require incompatible external attack techniques in order to retrieve data there from; and—an encryption circuit ( 50 ) for encrypting the external data (D) forming encrypted data (D′, D″) using unique data (K, K 1,  K 2 ) from at least the first non-volatile memory block ( 100 ) as an encryption key, the encrypted data (D′, D″) at least being stored into the second non-volatile memory block ( 200 ). The invention further relates to method of protecting data in a non-volatile memory device.

FIELD OF THE INVENTION

The invention relates to a non-volatile memory device. The invention further relates to a method of protecting data in a non-volatile memory device.

BACKGROUND OF THE INVENTION

Non-volatile memory devices (ROM, PROM, EPROM, EEPROM, etc) are widely known. Also they have been widely used in applications where the data needs to be protected, like in home applications, mobile applications, and set-top boxes (pay TV, satellite TV, etc). In the last decades various methods of attacking data on non-volatile memory devices have been developed:

front-side de-processing combined with optical imaging

back-side de-processing combined with voltage contrast imaging

microprobing

UV treatment

Software attack

FIB (cut and sense),

etc.

In general non-volatile memories like floating gate-based memories and ONO-based memories have been regarded as very secure to these attacks. However, recently, in C. De Nardi et al., Microelectronics Reliability, Vol. 45 (2005), p 1514-1519, a method has been published which enables retrieval of data from EEPROM memory devices. This publication discloses a method to measure “on site” programmed charges in EEPROM devices. Electrical AFM based techniques (Electric Force Microscopy (EFM) and Scanning Kelvin Probe Microscopy (SKPM) are used to probe directly floating gate potentials. Both preparation and probing methods are discussed. Sample preparation to access floating gate/oxide interfaces at a few nanometers from the back-side without discharging the data reveals to be the key point, more than the probing technique itself. This method will also be referred to as back-side voltage contrast imaging.

So, a drawback of the known non-volatile memory devices is that data stored thereon may no longer be secure enough to external attacks.

SUMMARY OF THE INVENTION

It is an object of the invention to provide a non-volatile memory device, which is more secure to external attacks. It is a further object of the invention to provide a method of protecting data in a non-volatile memory device against external attacks.

The invention is defined by the independent claims. The dependent claims define advantageous embodiments.

The object of the invention is realized in that a non-volatile memory device is provided, which comprises:

an input for providing external data to be stored on the non-volatile memory device;

a first non-volatile memory block and a second non-volatile memory block, the first non-volatile memory block and the second non-volatile memory block being provided on a single die, wherein the first non-volatile memory block and second non-volatile memory block are of a different type such that the first non-volatile memory block and the second non-volatile memory block require incompatible external attack techniques in order to retrieve data there from; and

an encryption circuit for encrypting the external data forming encrypted data using unique data from at least the first non-volatile memory block as an encryption key, the encrypted data at least being stored into the second non-volatile memory block.

An essential element of the invention is that the encryption in each non-volatile memory device is unique by using a unique encryption key. Another essential element of the invention is that the non-volatile memory device comprises at least two memory blocks that play a role in the encryption. As a result of these measures, in order to be able retrieve the external data, which was originally stored (in an encrypted way) on the memory device, it is essential that data is retrieved from both the first non-volatile memory block and the second non-volatile memory block of the same memory device (same die).

A non-volatile memory cell typically comprises a transistor having a charge storage region (floating gate, charge trap layer in an oxide-nitride-oxide device, etc). Each external attack technique may comprise a deprocessing (reverse engineering) step in order to be able to access the charge storage regions of the memory blocks and in order to determine how the memory cells are connected (either from the front-side or from the back-side) and an investigation/probing/observation step for determining the charge on the charge storage regions. A further essential feature of the invention is that the first non-volatile memory block and the second non-volatile memory block require different incompatible external attack techniques. This feature of the invention renders it useless to separately attack the first non-volatile memory block and the second non-volatile memory block of different dies, knowing that the data has been encrypted using unique data (so the encryption is different in each memory device).

Because of the combination of the above mentioned features of the non-volatile device according to the invention it is very hard to retrieve the data originally stored on the non-volatile memory device.

In an advantageous embodiment of the non-volatile memory device according to the invention the encryption circuit has been provided on the same die as the first non-volatile memory block and the second non-volatile memory block. This measure provides an additional level of security to the memory device, because reverse-engineering of the encryption circuit will eventually destroy the memory blocks as well.

In another advantageous embodiment of the non-volatile memory device according to the invention the first non-volatile memory block and the second non-volatile memory block are layout-wise interlaced. Interlacing of the first non-volatile memory block and the second non-volatile memory blocks makes reverse-engineering of both blocks on the same die even more difficult.

In one specific embodiment of the non-volatile memory device according to the invention the first non-volatile memory block is a poly fuse memory and the second non-volatile memory block is a floating gate memory. This combination of memory types on a single die provides a very good resistance against external-attacks, because a poly fuse memory needs to be reverse-engineered from the front-side of the device and a floating gate memory needs to be reverse-engineered from the back-side in order to access the floating gates. It is important to note that during the reverse-engineering steps material is removed from the front-side and the back-side respectively, rendering it almost impossible to reverse-engineer both memory blocks on the same die at the same time. Preferably, the poly fuse memory uses physically the same poly layer as the floating gate memory, which makes it even more difficult to reverse-engineer both memory blocks at the same time. When a hacker tries to obtain data from the first memory block, being a poly fuse memory, by means of optical imaging the retrieval of the data on the second memory block, being a floating-gate memory, is blocked. This is due to the fact that optical imaging of the poly fuse memory requires front-side de-layering of a die, while back-side voltage contrast imaging of the non-volatile memory requires back-side de-layering of a die. And it is at least extremely difficult and maybe even impossible to de-layer a die from both sides. Similarly, when a hacker tries to retrieve the data from the floating-gate memory by back-side de-layering, it would make it virtually impossible to retrieve memory information later on from the poly fuse memory from the same die.

In another embodiment of the non-volatile memory device according to the invention bit lines of at least one of the first non-volatile memory block and the second non-volatile memory block have been scrambled. Scrambling the bit lines means that the bit-lines are laid out in some sort of “spaghetti-like” way. Reverse engineering by optical inspection of the interconnections is thus made very hard by this measure.

In a further improved embodiment of the non-volatile memory device according to the invention the non-volatile memory further comprises:

a third non-volatile memory block, the third non-volatile memory block being provided on the same single die as the first non-volatile memory block and the second non-volatile memory block, wherein the third non-volatile memory block is of a different type than the first non-volatile memory block and second non-volatile memory block such that the first non-volatile memory block, the second non-volatile memory block, and the third non-volatile memory block require incompatible external attack techniques in order to retrieve data there from, the encrypted data being stored in a distributed way at least into the second non-volatile memory block and the third non-volatile memory block. Providing more memory blocks and distributing (encrypted) data over more memory blocks increases the number of reverse engineering parameters to be determined by the hacker and thus makes external attacking of the device much more difficult.

In one particular embodiment of the non-volatile memory device according to the invention the unique data from at least the first non-volatile memory block, being used as an encryption key, is changed after a predefined number of accesses to the non-volatile memory device or after a predefined time. A hacker may use huge computing power to perform numerous trial & error operations or legal operations in order to extract the encryption key from many operations. To secure the data against such reverse computing, a time-dependent encryption key, or a “maximum-number-of-usage/access” encryption key can be implemented before the encryption key is forced to expire. A time-dependent key may expire in one month, one week, one day, or even every minute (like in VPN-iRAS applications). A “maximum-number-of-usage/access” encryption key can be preset to a certain limit (e.g. 10), wherein a counter keeps track of the number of accesses and which is recorded into the memory. After that this limit has been reached, the encryption key may expire or be changed or re-issued.

Alternatively, in another embodiment of the non-volatile memory device according to the invention the unique data from at least the first non-volatile memory block comprises multiple encryption keys, each encryption key being used for part of the external data to be encrypted. This also provides an efficient way of counter-acting the reverse-computing attack of a hacker, because the computing power required increases dramatically.

In an embodiment of the non-volatile memory device according to the invention the unique data from at least the first non-volatile memory block comprises one of a Chip-ID or an IP-address. A Chip-ID and an IP-address are good examples of unique data, which are easily available in many applications.

The invention also relates to a method of protecting data in a non-volatile memory device, the method comprising steps of:

providing external data to be stored on the non-volatile memory device, the non-volatile memory device having a first non-volatile memory block and a second non-volatile memory block, the first non-volatile memory block and the second non-volatile memory block being provided on a single die, wherein the first non-volatile memory block and second non-volatile memory block are of a different type such that the first non-volatile memory block and the second non-volatile memory block require incompatible external attack techniques in order to retrieve data there from;

encrypting the external data for forming encrypted data using unique data from at least a first memory block as an encryption key; and

storing the encrypted data at least on a second memory block.

The method according to the invention provides a convenient way of protecting data on a non-volatile memory device.

BRIEF DESCRIPTION OF THE DRAWINGS

Any of the additional features can be combined together and combined with any of the aspects. Other advantages will be apparent to those skilled in the art. Numerous variations and modifications can be made without departing from the scope of the claims of the present invention. Therefore, it should be clearly understood that the present description is illustrative only and is not intended to limit the scope of the present invention.

How the present invention may be put into effect will now be described by way of example with reference to the appended drawings, in which:

FIG. 1 illustrates a first embodiment of the non-volatile memory device according to the invention;

FIG. 2 illustrates a second embodiment of the non-volatile memory device according to the invention;

FIG. 3 illustrates a third embodiment of the non-volatile memory device according to the invention;

FIG. 4 illustrates a fourth embodiment of the non-volatile memory device according to the invention;

FIG. 5 illustrates a fifth embodiment of the non-volatile memory device according to the invention;

FIG. 6 illustrates a sixth embodiment of the non-volatile memory device according to the invention; and

FIGS. 7 to 10 illustrate four different ways of interlacing memory blocks.

DETAILED DESCRIPTION

In FIG. 1 a non-volatile memory device according to a first embodiment of the invention is schematically illustrated. In this embodiment external data D is provided via an input (not shown) to an encryption circuit 50. The non-volatile memory device comprises a first non-volatile memory block 100 and a second non-volatile memory block 200, the first non-volatile memory block 100 and the second non-volatile memory block 200 being of a different type such that the they require incompatible external attack techniques in order to retrieve data there from.

The encryption circuit 50 encrypts the external data D using unique data K from the first non-volatile memory block 100, forming encrypted data D′. The encrypted data D′ is stored in the second non-volatile memory block 200. The first non-volatile memory block 100 and the second non-volatile memory block 200 are located on the same die 10, which is an essential feature of the invention. Together with the fact that the required external attack techniques for both non-volatile memory blocks 100, 200 are incompatible, this feature provides a so-called interlock LCK between both non-volatile memory blocks 100, 200. It is therefore very difficult to retrieve data from both the first non-volatile memory block 100 and the second-non-volatile memory block 200 at the same time.

In one example of the invention, the encryption circuit 50 comprises XOR-gates, wherein each bit of the external data D is XOR-ed with a corresponding bit of the unique encryption key K from the first non-volatile memory block 100. However, the person skilled in the art may easily come up with different and more complex implementations of the encryption circuit 50.

In FIG. 2 the non-volatile memory device according to a second embodiment of the invention is schematically illustrated. This embodiment of the non-volatile memory device according to the invention differs from the first embodiment in that the interlock LCK is also provided for the encryption circuit 50. This means that the encryption circuit 50 has been provided on the same die 10 as the first non-volatile memory block 100 and the second non-volatile memory block 200. Such a measure increases the level of security of the data D. External attack of the encryption circuit 50 may also destroy data from the first non-volatile memory block 100 and the second non-volatile memory block 200.

In FIG. 3 the non-volatile memory device according to a third embodiment of the invention is schematically illustrated. This embodiment of the non-volatile memory device according to the invention differs from the first embodiment in that a first part of the encrypted data D′ is stored into the first non-volatile memory block 100 and a second part of the encrypted data D″ is stored into the second non-volatile memory block 200. Spreading the encrypted data over the first and second non-volatile memory blocks 100, 200 provides a stronger interlock LCK and thus an additional security.

In FIG. 4 the non-volatile memory device according to a fourth embodiment of the invention is schematically illustrated. This embodiment of the non-volatile memory device according to the invention differs from the first embodiment in that the encryption key K used by the encryption circuit 50 comprises a first part K1 which has been stored in the first non-volatile memory block 100 and a second part K2 which has been stored in the second non-volatile memory block 200.

In FIG. 5 the non-volatile memory device according to a fifth embodiment of the invention is schematically illustrated. This embodiment of the non-volatile memory device according to the invention differs from the earlier mentioned embodiments in that multiple encryption keys K1, K2 are used for encrypting the external data D. The multiple encryption keys K1, K2 can be stored on the first non-volatile memory block.

Alternatively, which is more in line with the example in FIG. 4, the encryption circuit 50 uses at least two encryption keys, a first encryption key K1 being stored in the first non-volatile memory block 100 and another encryption key K2 being stored in the second non-volatile memory block 200.

In case multiple encryption keys K1, K2 are used for encrypting data, various approaches are possible. In one approach subsequent words in the external data D are encrypted using the first encryption key K1 and the second encryption key K2 in an alternating way. Alternatively, in another approach a first set of words (e.g. the first half of the external data) is encrypted using the first encryption key K1 and a second set of words (e.g. the second half of the external data) is encrypted using the second encryption key K2. In yet another approach each external data word to be stored is encrypted using a different encryption key, all encryption keys being stored on the first non-volatile memory block 100.

In FIG. 6 the non-volatile memory device according to a sixth embodiment of the invention is schematically illustrated. This embodiment of the non-volatile memory device according to the invention differs from the third embodiment in that the non-volatile memory device further comprises a third non-volatile memory block 300. The encrypted data D now comprises a first part D′ which is being stored on the second non-volatile memory block 200 and a second part D″ which is being stored on the third non-volatile memory block 300. Spreading the encrypted data over multiple non-volatile memory blocks 200, 300 provides a stronger interlock LCK and thus an additional security.

The embodiments mentioned above can be combined as well. For example, the second embodiment dealing with the encryption circuit 50 being provided on the same die as the memory blocks, can be easily combined with any one of the other embodiments.

In the above embodiments a word may comprise 16, 32, 64, 128 bits in some examples. However, in principle, in all embodiments, a word can be of any length.

It is important to note that the encryption circuit 50 in all described embodiments of the non-volatile memory may also be designed to decrypt the encrypted (stored) data D′ when reading from the non-volatile memory device. Alternatively, a separate decryption circuit (not shown) may be provided. For this decryption circuit the same interlock aspects hold as for the encryption circuit 50.

It is also important to note that the external data may be encrypted data as well. This measure counteracts attack techniques like IC pin probing when the non-volatile memory device is placed in its application. In such a case the stored encrypted data D′ has been encrypted twice.

In a concrete example of the first embodiment of the non-volatile memory device according to the invention, the product concerns a single chip secure “product X” manufactured in a 90 nm technology. The technology features salicided polyfuses to be used as non-volatile memory. In “product X” this memory type is used for the first non-volatile memory block 100. The technology also features floating-gate memory as non-volatile memory. In “product X” this memory type is used for the second non-volatile memory block. The physical layer of the floating gates in the second non-volatile memory block 200 have been manufactured in the same physical layer as the salicided polyfuses in the first non-volatile memory block 100. This ensures a firm interlock LCK between the first and second non-volatile memories. When attacking the content of memory the polyfuse memory block 100, the content of the other floating memory block 200 is destroyed, and vice versa. In “product X”, the first non-volatile memory block 100 contains a DieID code, which then forms a hardware private key. “Product X” could further comprise a provider ID, which may be from companies like UPC or KPN. The provider ID can be stored on the first memory block 100 as well, and then forms together with the DieID code the hardware private key. The second non-volatile memory block 200 contains the encrypted (using the hardware private key) customer ID (being the original external data). The second non-volatile memory block 200 may also comprise an encrypted (using the hardware private key) public key. Sometimes this public key is temporary.

Another way of further improving the protection of the data on the non-volatile memory device is to interlace the memory blocks layout-wise. FIGS. 7 to 10 illustrate different approaches of interlacing two memory blocks. FIG. 7 illustrates a first non-volatile memory block 100 and a second non-volatile memory block 200, wherein the first non-volatile memory block 100 has been laid out inside the second non-volatile memory block 200. FIG. 8 illustrates another approach wherein memory cells 100′ of the first non-volatile memory block 100 have been scattered or distributed over the layout of the second non-volatile memory block 200. FIG. 9 illustrates a third approach wherein memory cells 100′ of the first non-volatile memory block 100 and memory cells 200′ of the second non-volatile memory block 200 have been arranged in columns in an alternating way. Such an approach is interesting when the memory blocks 100, 200 are of comparable size. FIG. 10 illustrates a fourth approach wherein memory cells 100′ of the first non-volatile memory block 100 and memory cells 200′ of the second non-volatile memory block 200 have been arranged in an alternating way in both the column as well as the row direction. This approach is expected to provide the best interlock. However, for such an approach is most effective in case memory cells 100′, 200′ of the first 100 and second non-volatile memory blocks 200 are of comparable size.

An alternative way of further improving the protection of the data on the non-volatile memory device is to implement bit-line scrambling. Bitline scambling is a kind of local “encryption” such that a logical bit and a physical bit are scrambled. One example is to make use of the multi-layered wiring in the technology through a “spaghetti-like” way so that the bit-line address for every byte (or word) columns are totally different from other bytes/words. In this way, the logic bits are scrambled physically and become very difficult to trace. For example, a 3 bits shifted byte would become Bit 3, Bit 4, Bit 5, Bit 6, Bit 7, Bit 0, Bit 1, Bit 2 (instead of Bit 0, . . . 7), and a mirrored byte would have bit sequence of Bit 7, Bit 6, Bit 5, Bit 4, Bit 3, Bit 2, Bit 1, Bit 0. In a real implementation, the scrambling is a combination of shifting, mirroring, swapping, etc. Bit-line scrambling makes reverse engineering by means of optical inspection very difficult. Bit-line scrambling can be combined with memory interlacing.

The invention thus provides a non-volatile memory device, which is more secure against external attack techniques. An important aspect of the invention lies in the interlocking of two or more memory blocks combined with the encryption of data being stored thereon. The person skilled in the art knows the non-volatile memory technology used in the embodiments. The person skilled in the art also knows about non-volatile memory operation and integration. It is the insight of the inventors that a clever combination and integration of more than one memory on a single die combined with the encryption of the data thereon, wherein the encryption key is stored at least on one of the memories, provides a good interlock of the data and therefore a good security against external attacks. The invention may be used in various applications like: identification applications, home applications, mobile applications, and set-top boxes (pay TV, satellite TV, etc).

The invention also provides a method of protecting data in a non-volatile memory device, the method comprising steps of:

providing external data to be stored on the non-volatile memory device, the non-volatile memory device having a first non-volatile memory block and a second non-volatile memory block, the first non-volatile memory block and the second non-volatile memory block being provided on a single die, wherein the first non-volatile memory block and second non-volatile memory block are of a different type such that the first non-volatile memory block and the second non-volatile memory block require incompatible external attack techniques in order to retrieve data there from;

encrypting the external data for forming encrypted data using unique data from at least a first memory block as an encryption key; and

storing the encrypted data at least on a second memory block.

The advantages and improvements of this method follow those of the memory device described above.

The present invention has been described with respect to particular embodiments and with reference to certain drawings but the invention is not limited thereto but only by the claims. Any reference signs in the claims shall not be construed as limiting the scope. The drawings described are only schematic and are non-limiting. In the drawings, the size of some of the elements may be exaggerated and not drawn on scale for illustrative purposes. Where the term “comprising” is used in the present description and claims, it does not exclude other elements or steps. Where an indefinite or definite article is used when referring to a singular noun e.g. “a” or “an”, “the”, this includes a plural of that noun unless something else is specifically stated.

Furthermore, the terms first, second, third and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances and that the embodiments of the invention described herein are capable of operation in other sequences than described or illustrated herein.

Whenever the words “column” and “row” are used, they can be exchanged as well without departing from the scope of the invention. 

1. A non-volatile memory device comprising: an input for providing external data to be stored on the non-volatile memory device; a first non-volatile memory block and a second non-volatile memory block, the first non-volatile memory block and the second non-volatile memory block being provided on a single die, wherein the first non-volatile memory block and second non-volatile memory block are of a different type such that the first non-volatile memory block and the second non-volatile memory block require incompatible external attack techniques in order to retrieve data there from; and an encryption circuit for encrypting the external data forming encrypted data using unique data from at least the first non-volatile memory block as an encryption key, the encrypted data at least being stored into the second non-volatile memory block.
 2. A non-volatile memory device as claimed in claim 1, wherein the encryption circuit has been provided on the same die as the first non-volatile memory block and the second non-volatile memory block.
 3. A non-volatile memory device as claimed in claim 1, wherein the first non-volatile memory block and the second non-volatile memory block are layout-wise interlaced.
 4. A non-volatile memory device as claimed in claim 1, wherein the first non-volatile memory block is a poly fuse memory and the second non-volatile memory block is a floating gate memory.
 5. A non-volatile memory device as claimed in claim 4, wherein the poly fuse memory uses physically the same poly layer as the floating gate memory.
 6. A non-volatile memory device as claimed in claim 1, wherein bit lines of at least one of the first non-volatile memory block and the second non-volatile memory block have been scrambled.
 7. A non-volatile memory device as claimed in claim 1, wherein the non-volatile memory further comprises: a third non-volatile memory block, the third non-volatile memory block being provided on the same single die as the first non-volatile memory block and the second non-volatile memory block, wherein the third non-volatile memory block is of a different type than the first non-volatile memory block and second non-volatile memory block such that the first non-volatile memory block, the second non-volatile memory block, and the third non-volatile memory block require incompatible external attack techniques in order to retrieve data there from, the encrypted data being stored in a distributed way at least into the second non-volatile memory block and the third non-volatile memory block.
 8. A non-volatile memory device as claimed in claim 1, wherein the unique data from at least the first non-volatile memory block, being used as an encryption key, is changed after a predefined number of accesses to the non-volatile memory device or after a predefined time.
 9. A non-volatile memory device as claimed in claim 1, wherein the unique data from at least the first non-volatile memory block comprises multiple encryption keys, each encryption key being used for part of the external data to be encrypted.
 10. A non-volatile memory device as claimed in claim 1, wherein the unique data from at least the first non-volatile memory block comprises one of a Chip-ID or an IP-address.
 11. A method of protecting data in a non-volatile memory device, the method comprising: providing external data to be stored on the non-volatile memory device, the non-volatile memory device having a first non-volatile memory block and a second non-volatile memory block, the first non-volatile memory block and the second non-volatile memory block being provided on a single die, wherein the first non-volatile memory block and second non-volatile memory block are of a different type such that the first non-volatile memory block and the second non-volatile memory block require incompatible external attack techniques in order to retrieve data there from; encrypting the external data for forming encrypted data using unique data from at least a first memory block as an encryption key; and storing the encrypted data at least on a second memory block. 